PCI DSS Advisory
Every business that accepts, processes, stores or transmits payment card data from the major card brands is required to comply with the Payment Card Industry Data Security Standard (PCI DSS) in order to keep its customers' card data secure. The standard, maintained by the PCI Security Standards Council, was created to reduce payment card fraud and is mandated contractually by the card brands and acquiring banks. Organizations must validate their compliance annually: either through an assessment by a Qualified Security Assessor (QSA) or an Internal Security Assessor (ISA), who produces a Report on Compliance (ROC), or, for merchants and service providers with lower transaction volumes, through a Self-Assessment Questionnaire (SAQ).
PCI DSS version 3.2.1, released in May 2018, groups its twelve requirements under six control objectives. (Version 4.0, published in March 2022, keeps the same six objectives; version 3.2.1 was retired on 31 March 2024.) The objectives are:
- Build and Maintain a Secure Network and Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor and Test Networks
- Maintain an Information Security Policy
EthicalHat offers two services to help your business reach and maintain PCI DSS compliance: a PCI Gap Assessment and a QSA Assessment.
PCI Gap Assessment
Identifying gaps and vulnerabilities
We start by identifying the gaps in your business's PCI DSS compliance. Few businesses are fully compliant from the outset, and EthicalHat acts as a qualified, objective third party that finds and evaluates the weaknesses in your technology and procedures that could put your customers' card data at risk. We do this by building a data flow diagram that traces cardholder data from the point where it enters your environment through every system that processes, stores or transmits it. This defines the scope of your cardholder data environment (CDE), and it regularly turns up card data in places nobody expected, such as application logs, backups, support tickets and spreadsheets, which is where it is most at risk.
After identifying the PCI DSS requirements that have not been met, our specialists present a step-by-step remediation plan that sets out the most effective ways to close each gap, while leaving you options where your business needs them. This saves time and money, prepares you for the formal assessment, and reduces the risk to the payment card data you handle.
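To make the data-discovery step concrete, here is an added example of the kind of cardholder-data discovery check a gap assessment runs over logs, database exports and file shares to find primary account numbers (PANs) stored outside the intended scope. It is not EthicalHat's tooling or code from this page; the log lines, field names and the find_pans / luhn_valid helpers are constructed for illustration, and the card numbers are the card brands' public test numbers, not real accounts. It filters candidates by length and the Luhn check digit so that order numbers, timestamps and session ids are not reported, and it reports each hit in the masked form PCI DSS permits for display (first six and last four digits) so that the findings report does not itself become a new store of cleartext PAN.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Maximal run of digits optionally separated by single spaces or hyphens,
# e.g. "4111111111111111", "5555 5555 5555 4444" or "3782-822463-10005".
DIGIT_RUN = re.compile(r"\d(?:[ -]?\d)*")

# Constructed sample application log (hypothetical; no real cardholder data).
# Lines 1, 2, 4 and 6 hold publicly documented test card numbers; line 3 is a
# 16-digit reference that fails the Luhn check; line 5 is a 20-digit session id.
SAMPLE_LOG = """\
2024-03-04T10:21:07Z orders INFO order=9917 card=4111111111111111 amount=42.00
2024-03-04T10:21:09Z orders INFO order=9918 card=5555 5555 5555 4444 amount=17.50
2024-03-04T10:21:11Z orders DEBUG order=9919 txn_ref=1234567890123456 status=ok
2024-03-04T10:21:12Z orders INFO order=9920 card=3782 822463 10005 amount=9.99
2024-03-04T10:21:13Z orders INFO order=9921 session=12345678901234567890 amount=3.00
2024-03-04T10:21:14Z orders WARN order=9922 retry card=4111111111111111 41.00 USD
"""


@dataclass(frozen=True)
class Finding:
    line_no: int
    masked_pan: str  # first six and last four digits only (PCI DSS req. 3.3)
    scheme: str


def luhn_valid(digits: str) -> bool:
    """Mod-10 check-digit validation. Every genuine PAN passes; most random
    digit strings fail, which filters out order numbers and timestamps."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Display form permitted by PCI DSS: at most first six and last four."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def guess_scheme(digits: str) -> str:
    """Coarse issuer identification from the leading digits; enough to label
    a finding, not a substitute for a full BIN table."""
    if digits[0] == "4":
        return "visa"
    if digits[:2] in ("34", "37"):
        return "amex"
    if 51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720:
        return "mastercard"
    return "unknown"


def pan_candidates(line: str):
    """Yield Luhn-valid 13-19 digit strings found in one line of text."""
    for m in DIGIT_RUN.finditer(line):
        run = m.group()
        collapsed = re.sub(r"[ -]", "", run)
        if 13 <= len(collapsed) <= 19 and luhn_valid(collapsed):
            yield collapsed
            continue
        # A PAN followed by a space and another number ("... 41.00") is
        # swallowed into one long run; fall back to the separator-free pieces.
        for piece in re.split(r"[ -]", run):
            if 13 <= len(piece) <= 19 and luhn_valid(piece):
                yield piece


def find_pans(text: str) -> list[Finding]:
    """Scan text line by line and report every PAN found, already masked."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for pan in pan_candidates(line):
            findings.append(Finding(line_no, mask_pan(pan), guess_scheme(pan)))
    return findings


if __name__ == "__main__":
    for f in find_pans(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.scheme} PAN stored in clear, {f.masked_pan}")
```

Run against the sample, the scanner reports lines 1, 2, 4 and 6 and stays silent on the Luhn-invalid reference and the 20-digit session id. Any hit in a log file is itself a finding against requirement 3 (cleartext PAN at rest outside the CDE) and usually also against requirement 10, since logs are copied to places with far weaker access control than the payment system. A check like this supplements the data flow diagram rather than replacing it: it only sees text it is pointed at, so databases, archives and other encodings still have to be covered by scoping interviews and dedicated discovery tools.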
Qualified Security Assessor (QSA)
EthicalHat has partnered with Qualified Security Assessor (QSA) companies that are qualified by the PCI Security Standards Council to perform annual PCI DSS assessments.
Our QSA partners carry out the formal assessment and deliver a prioritized list of any remaining findings across your systems, infrastructure, policies and procedures.
They then issue the compliance documentation: a Report on Compliance (ROC) for organizations that must undergo an on-site assessment, such as Level 1 merchants, or support in completing the Self-Assessment Questionnaire (SAQ) for smaller merchants that are eligible to self-assess. In either case an Attestation of Compliance (AOC) is submitted to your acquiring bank. This attests that your business has taken the required steps to secure the environment in which customer transactions are handled and to protect their card data from compromise.